Combating phishing attacks via brand identity and authorization features
Geng, Guanggang1; Lee, Xiao-Dong1; Zhang, Yan-Ming2
2014-08-08
发表期刊SECURITY AND COMMUNICATION NETWORKS
卷号8期号:6页码:888-898
摘要
Phishing, also called brand spoofing, has become the most troubling scam on the Internet, which seriously threatens the
Web security. The essence of phish is that “robbers” use false sites, which look like a trustworthy brand site, where favicon,
logo and copyright notice are important brand identities. We analyzed 78-day phishing data of PhishTank and Anti-Phishing
Working Group (APWG). The statistics show that more than 98.93% phishing sites contain at least one brand entity—
favicon, logo or copyright notice. Indeed, only a few lowest-quality phishing campaigns do not use such brand elements.
Obviously, brand entities are powerful weapons of phishers to trick users. By analyzing the characteristics of brand entities
in phishing sites, several brand identity features are extracted. However, only brand entities do not consider whether the
Web page with brand entities belongs to the corresponding brand or has an authorization to use the brand entities. To
solve this problem, redirection, incoming links and Domain Name System (DNS) information-based brand authorization
features are further extracted to discriminate the sites with branding rights from phishing sites. Based on extracted features,
statistical anti-phishing classification models are trained. We collected a diverse spectrum of corpora containing 3863
phishing cases from PhishTank and APWG, and 17 571 legitimate samples from DMOZ, Google and DNS resolution
log. Experimental evaluations show that the model achieves 98.8% true positive rate and 0.09% false positive rate, which
demonstrates the competitive performances of extracted features for statistical anti-phishing in practice.
关键词Brand Identity Recognition
DOI10.1002/sec.1045
收录类别SCI
WOS记录号WOS:000351877000002
引用统计
被引频次:2[WOS]   [WOS记录]     [WOS相关记录]
文献类型期刊论文
条目标识符http://ir.ia.ac.cn/handle/173211/10837
专题模式识别国家重点实验室_模式分析与学习
作者单位1.Computer Network Information Center, Chinese Academy of Sciences
2.National Laboratory of Pattern Recognition, Institute of Automation
推荐引用方式
GB/T 7714
Geng, Guanggang,Lee, Xiao-Dong,Zhang, Yan-Ming. Combating phishing attacks via brand identity and authorization features[J]. SECURITY AND COMMUNICATION NETWORKS,2014,8(6):888-898.
APA Geng, Guanggang,Lee, Xiao-Dong,&Zhang, Yan-Ming.(2014).Combating phishing attacks via brand identity and authorization features.SECURITY AND COMMUNICATION NETWORKS,8(6),888-898.
MLA Geng, Guanggang,et al."Combating phishing attacks via brand identity and authorization features".SECURITY AND COMMUNICATION NETWORKS 8.6(2014):888-898.
条目包含的文件 下载所有文件
文件名称/大小 文献类型 版本类型 开放类型 使用许可
geng2015combating.pd(1133KB)期刊论文作者接受稿开放获取CC BY-NC-SA浏览 下载
个性服务
推荐该条目
保存到收藏夹
查看访问统计
导出为Endnote文件
谷歌学术
谷歌学术中相似的文章
[Geng, Guanggang]的文章
[Lee, Xiao-Dong]的文章
[Zhang, Yan-Ming]的文章
百度学术
百度学术中相似的文章
[Geng, Guanggang]的文章
[Lee, Xiao-Dong]的文章
[Zhang, Yan-Ming]的文章
必应学术
必应学术中相似的文章
[Geng, Guanggang]的文章
[Lee, Xiao-Dong]的文章
[Zhang, Yan-Ming]的文章
相关权益政策
暂无数据
收藏/分享
文件名: geng2015combating.pdf
格式: Adobe PDF
所有评论 (0)
暂无评论
 

除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。